Reach a NetSuite RESTlet via OAuth

The goal is to be able to call RESTlets using OAuth-header instead of NLAuth-header from my Java-application. In order to achieve it I took the following steps:

I created NetSuite Developer Community Account and got a testing environment with admin access (domain system.na1.netsuite.com).

I opened Setup --> Company --> Enable Features. Then opened the "SuiteCloud"-tab and checked the "Client SuiteScript", "Server SuiteScript" and "Token-Based Authentication" here.

I opened the edit-page of one of the roles (it is called "08: Inspection" here). On the "Permissions"-tab I opened the "Setup"-tab and added the following permissions to this role: "Access Token Management", "Log in using Access Tokens" and "User Access Tokens".

I edited my account to have that role: opened "Access"-tab while editing the user and on the"Roles"-tab I added that role ("08: Inspection").

I opened Setup --> Integration --> Manage Integrations --> New and created new application here ("TestIntegr"). The final page held two strings: Consumer Key and Consumer Secret. I saved them in my separate file.

I opened Setup --> Users/Roles --> Access Tokens --> New and created new token for my application+user+role. The final page held two strings: Token ID and Token Secret. I saved them in my separate file.

I used my test program to generate authorization header string and then used this string in rest-client (I used "Insomnia") to reach my dummy-restlet. Got "INVALID_LOGIN_ATTEMPT"-error.

In NetSuite audit-logs I can see failures on behalf of my user but without a role.

Then I used this header with my rest-client and got the "INVALID_LOGIN_ATTEMPT"-error (while NLAuth header works perfectly with this rest-client, this user and this dummy-restlet).

I checked my signature-algorithm with this online-tool: http://nouncer.com/oauth/authentication.html It shows the same results with the same tokens/timestamp/nonce/etc. I suppose I missed something during setting up NetSuite environment (user/role/something else). On the other side the NetSuite HelpCenter says: "An INVALID_LOGIN_ATTEMPT error is returned when the nonce, consumer key, token, or signature in the OAuth header is invalid".